| Summary: | ASTERISK-12909: Hangups are not recognized when using IAX2 encryption | ||
| Reporter: | Dave Miller (justdave) | Labels: | |
| Date Opened: | 2008-10-15 17:41:16 | Date Closed: | 2011-06-07 14:03:02 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_iax2 |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | When activating encryption on an IAX trunk link via "encrypt=aes128" the call performs normally until one of the parties hangs up. On the Asterisk server which performed the hangup, it appears to hang up normally. On the other Asterisk server, you get a bunch of these in the log: [Oct 16 06:37:28] NOTICE[3144]: chan_iax2.c:7020 socket_process: Packet Decrypt Failed! [Oct 16 06:37:28] NOTICE[3149]: chan_iax2.c:7020 socket_process: Packet Decrypt Failed! [Oct 16 06:37:28] NOTICE[3147]: chan_iax2.c:7020 socket_process: Packet Decrypt Failed! [Oct 16 06:37:28] NOTICE[3145]: chan_iax2.c:7020 socket_process: Packet Decrypt Failed! for about 30 seconds, finally followed by: [Oct 16 06:37:27] WARNING[3148]: chan_iax2.c:2049 __attempt_transmit: Max retries exceeded to host 10.250.4.10 on IAX2/mountainview-4 (type = 6, subclass = 11, ts=10013, seqno=3) -- Hungup 'IAX2/mountainview-8' I also seem to sometimes get the packet decrypt errors when DTMF digits are transmitted (can't reproduce that one all the time though). I've tried it with both trunk=yes and trunk=no in the iax.conf on both ends with no difference. | ||
| Comments: | By: Dave Miller (justdave) 2008-10-15 17:45:00 looks like it's actually 20 seconds, and I copy-pasted from two separate events in the log snippets in my first comment, so ignore the timestamps when comparing to each other. :) A further call (I made sure these are all from the same event so the timestamps are in order) [Oct 16 00:50:57] NOTICE[30365]: chan_iax2.c:7204 socket_process: Packet Decrypt Failed! [Oct 16 00:50:57] NOTICE[30365]: chan_iax2.c:7204 socket_process: Packet Decrypt Failed! [Oct 16 00:50:58] NOTICE[30359]: chan_iax2.c:7204 socket_process: Packet Decrypt Failed! (...) [Oct 16 00:51:21] WARNING[30359]: chan_iax2.c:2169 __attempt_transmit: Max retries exceeded to host 63.245.220.10 on IAX2/mountainview-4342 (type = 4, subclass = 20, ts=25122, seqno=12) -- Hungup 'IAX2/mountainview-7818' By: Daniel Tryba (kwark) 2008-11-20 09:39:00.000-0600 I just ran into the same problem, the only active IAX tunnel that had encryption enabled reported: [Nov 20 15:39:59] NOTICE[30387] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:08] NOTICE[30395] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:08] NOTICE[30396] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:09] NOTICE[30393] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:09] NOTICE[30395] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:10] NOTICE[30390] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:10] NOTICE[30389] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:11] NOTICE[30387] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:18] NOTICE[30391] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:18] NOTICE[30392] chan_iax2.c: Packet Decrypt Failed! [Nov 20 15:40:19] WARNING[30388] chan_iax2.c: Max retries exceeded to host xxx.xxx.xxx.xxx on IAX2/vbcc-16385 (type = 6, subclass = 11, ts=30009, seqno=8) At this point all IAX tunnels start to exceed max retries, type=6 and with subclass either 2 or 11. But the difference is that in my situation no new calls can be placed. The only solution I found was to restart asterisk. Version 1.4.21. BTW I had the same problem before, but didn't see any "Packet Decrypt Failed!" at that time (or at least I can't remember seeing them, sadly enough I don't have those logs anymore). By: Leif Madsen (lmadsen) 2009-01-27 15:09:02.000-0600 Assigning to dvossel to see if there is anything he can do to move this issue forward. Thanks! By: Steve Lang (stevenla) 2009-02-01 10:24:05.000-0600 same issue here. Turn off encryption and the call does not get dropped. This occurs when we are experiencing packet loss. We have incremented the number of max_retry in the code to a large number but this does not seem to have any affect. re-creatable in 1 to 2 min's Can test fix By: David Vossel (dvossel) 2009-02-05 13:55:55.000-0600 I was able to reproduce the issue in 1.4.22, but after updating my code to the latest rev in branch 1.4 the issue seemed to go away. Can you update your code and verify that the issue does not arise? I've made some changes in chan_iax2.c in the last couple of days that might have affected this. By: David Vossel (dvossel) 2009-02-05 13:58:21.000-0600 Does issue still exist in latest code rev of 1.4 By: David Vossel (dvossel) 2009-02-11 16:01:05.000-0600 a similar issue does exist between 1.4 and (1.6.1/trunk) involving key rotation and encryption enabled. By: Steve Lang (stevenla) 2009-02-16 12:20:38.000-0600 We have Asterisk 1.4.23.1 and issue still ocures. By: Leif Madsen (lmadsen) 2009-02-19 09:47:23.000-0600 stevenla: I think dvossel is asking if the latest revision of 1.4 solves the issue, not the latest release. To checkout the latest revision of 1.4, please use: svn co http://svn.digium.com/svn/asterisk/branches/1.4 ./asterisk-1.4-vanilla Compile and install as normal, then perform your test again. Thanks! By: David Vossel (dvossel) 2009-03-02 17:26:12.000-0600 i haven't gotten any feedback about this in awhile. feel free to re-open this if you're still having trouble have tested it with the latest branch code. By: Leif Madsen (lmadsen) 2009-03-02 19:32:10.000-0600 Issue reopened after reporter opened a new bug. By: Steve Lang (stevenla) 2009-03-02 20:26:22.000-0600 Thank you for re-opening .. I did not get note regarding svn checkout above. I checked out the svn as noted above, compiled and installed. Same issue [Mar 2 18:11:04] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:05] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:05] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:14] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:14] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:15] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:15] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:15] NOTICE[4480] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:24] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:24] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:25] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed! [Mar 2 18:11:25] WARNING[4478] chan_iax2.c: Max retries exceeded to host xx.xx.xx.xx on IAX2XXXX-16384 (type = 6, subclass = 2, ts=630048, seqno=184) Thank you By: David Vossel (dvossel) 2009-03-03 12:04:10.000-0600 Can you verify that you are running the latest 1.4 branch code on both sides of the call? I just tested this with both sides running the latest code and was not able to reproduce the issue, but I did see problems when one side was running 1.4.22 and the other was running the latest 1.4 code. By: Steve Lang (stevenla) 2009-03-03 20:39:08.000-0600 Yes I took the note above last night and downloaded the following, compiled and ran it. svn co http://svn.digium.com/svn/asterisk/branches/1.4 [^] ./asterisk-1.4-vanilla Completed the above. Asterisk SVN-branch-1.4-r179468 Also tested this version with 1.6 on the remote end and the above svn on my end and had the same results. Tested with Asterisk 1.6.0.5 on both ends and had the same results. It only occurs when we encounter missing packets while encrypting traffic. By: Steve Lang (stevenla) 2009-03-03 20:44:03.000-0600 These versions as well: asterisk-1.6.1-rc1 asterisk-1.4.22 asterisk-1.4.23.1 By: David Vossel (dvossel) 2009-03-04 18:12:54.000-0600 Ok, this took me awhile to figure out. There are two different issues being discussed here. The issue which the reporter opened the bug report on involves packet decrypt errors occurring during hangups in 1.4.22. I was able to reproduce this bug in the 1.4.22 and can verify that it is no longer present in the latest 1.4 branch code. The second issue being discussed involves dropped calls during packet loss caused by decryption errors, which is a separate issue entirely. Since this is a separate issue it needs to be opened separately. I'm sorry about the confusion. | ||